PT-2019-11609 · Red Hat · Undertow

Gaol

Publicado

2019-07-25

Atualizado

2025-03-07

CVE-2019-10184

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: undertow versions prior to 2.0.23.Final

Description: The issue allows web apps to have their directory structures predicted through requests without trailing slashes via the API. This is an information leak issue.

Recommendations: For versions prior to 2.0.23.Final, update to version 2.0.23.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation. Avoid making requests without trailing slashes to affected web apps until the issue is resolved.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2019-10184

GHSA-W69W-JVC7-WJGV

OESA-2025-1257

RHSA-2019:2935

RHSA-2019:2936

RHSA-2019:2937

RHSA-2019:3044

RHSA-2019:3045

RHSA-2019:3046

Produtos afetados

Undertow

PT-2019-11609 · Red Hat · Undertow

CVE-2019-10184

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29